Azure AD Conditional Access policies for Office 365 (Exchange and SharePoint Online) is now available in preview; additional services may be supported (see at the end of this post).
This will make it easier to request multi-factor authentication when accessing Office 365 services. Until then, either you had to manage it at the ADFS level if you were using federated authentication or you were not able to define such conditional access if you were using Office 365 authentication.
Before setting up Azure AD Conditional Access policies you need to ensure that your devices will be supported:
- OS: Windows 7 to 10 and Mac OS
- Client: Office 2016, Office 2013 with Modern Authentication enabled (see https://support.office.com/en-us/article/Enable-Modern-Authentication-for-Office-2013-on-Windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910 to enable Modern Authentication for Office 2013)
- Mobile: iOS and Android, only Outlook email app
- Authentication Method: Cloud (not federated)
Setup Conditional Access Policies (Cloud Authentication)
Logon to your Azure administration portal (“old” version) using your Office 365 admin account (or Azure AD admin account) – https://manage.windowsazure.com
Access your Office 365 directory and open the Applications tab
Select Office 365 Exchange Online
Then open the Configure options
Active the Multi Factor Authentication and Location Based Access Rules
And define your requirements
Repeat with Office 365 SharePoint Online
You can also configure Yammer, Visual Studio Online, Office 365 Customer Success Center, CRM Online, Azure RemoteApp, Azure OMS …